Releases105
Frequency1 month 4 weeks
Last Release
Lightweight pipelining with Python functions

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= 1.4.27.5 HIGH

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.

= *, < 1.1.17.3 HIGH

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.